Who We Are and Our Privacy Principles
Durand Corporate HealthCare Inc. ("Durand," "we," "us," or "our") operates Durand.life, a longitudinal workforce health intelligence platform. We detect health issues early, support continuous employee well-being, and enable employers, insurers, and benefits providers to make evidence-based decisions about the programs they offer.
Unlike many digital health platforms that operate outside established health privacy frameworks, Durand is designed from the ground up as a HIPAA-compliant entity and an Ontario PHIPA-regulated health information custodian. Many consumer wellness and preventive health platforms are not required to meet these standards. We are. That distinction is the foundation of the trust we build with every Member.
Four principles guide every decision we make about data:
| Principle | What It Means for You |
|---|---|
| Longitudinal Stewardship | Your health data is not a snapshot. It belongs to a continuous record that compounds over time. We protect that record as a long-term custodian, not a transactional processor. |
| Compliance-First Architecture | We build to the highest applicable standard across every jurisdiction we operate in, rather than to the minimum required. |
| Walled Garden Data Governance | Your data does not leave our secure environment. Partners work inside our infrastructure under our governance. Data is never exported, sold, or transferred as a standalone asset. |
| Absolute Employer Firewall | No individual health data, in any form, will ever reach your employer, unless you expressly choose to share it for your own benefit. |
A Message to Every Employee Member
Before you read anything else, please know this.
Your employer paid for your access to this platform. That is where their involvement ends.
Your employer will never see your health data. Not your scores. Not your test results. Not your risk profile. Not your care history. Not what you searched, asked, or shared on this platform. None of it. Ever.
Your employer's HR team, benefits administrators, and any third-party agents or consultants acting on their behalf have zero access to any individual health information on this platform. The only information your employer receives is anonymous, aggregated data about the overall health of their workforce as a group — the kind of summary that helps them choose better benefit programs for everyone, with no ability to identify any individual.
This protection does not change if you are promoted, change roles, take a leave of absence, or have a difficult relationship with your employer.
And if you leave your employer — whether you resign, retire, or are let go — your health record belongs to you, not them. You have the right to take your Durand® health record with you and to continue your membership independently or through a future employer. Your longitudinal health history does not get handed back to your employer or deleted when your employment ends. It is yours.
You may also choose to participate in rewards, incentive, or recognition programs offered by your employer, insurer, or a third-party partner. If you opt in, Durand acts as your independent advocate and neutral adjudicator — verifying your achievements and authorizing rewards on your behalf, without ever revealing the underlying health data that earned them. Your employer or insurer will know you qualified. They will not know why, or how, or what your results were.
Key Definitions
| Term | Meaning |
|---|---|
| Platform | The Durand.life digital health intelligence ecosystem, including all connected applications, portals, wearable integrations, AI health agents, and testing panel services. |
| Personal Health Information (PHI) | Any information about an identifiable individual relating to their physical or mental health, health history, or health services received or anticipated. |
| Personal Information (PI) | Any information about an identifiable individual beyond their health record, including contact, demographic, and employment data. |
| Advanced Biomarker Data | Data derived from multi-omic, proteomic, metabolomic, or other advanced analytical testing. This data is processed and interpreted within our platform and is subject to the same protections as PHI. |
| De-identified Data | Health or personal information from which all individual identifiers have been removed such that re-identification is not reasonably possible using accepted techniques, including differential privacy standards where applicable. |
| Aggregated Data | Statistical summaries or population-level insights derived from groups of individuals where no individual can be identified. |
| Approved Wellness Partner | A vetted third-party wellness, lifestyle, or health-adjacent service provider approved by Durand to offer opt-in programs to Members. |
| Employer / Plan Sponsor | The organization that has contracted with Durand to provide the Platform as a workplace health benefit. |
| Member / User | An individual registered to use the Platform, including employees covered by an employer-sponsored plan. |
| Research Partner | An accredited academic, clinical, or scientific institution collaborating with Durand under a formal Data Governance Agreement. |
| Authorized Third Party | A family member, caregiver, or health practitioner whom a Member has explicitly authorized to access their health record or data. |
Information We Collect
We collect only what is necessary to deliver your health program and to compound your health intelligence over time.
3.1 Information You Provide Directly
- Name, date of birth, contact information, and employment details
- Health history, lifestyle inputs, and symptom information you enter into the Platform
- Goals, preferences, and care navigation choices
- Communications with our care team or support staff
- Data you choose to upload directly to your profile, including records, lab results, or documents from sources outside the Platform ("Member-Uploaded Data"). You are responsible for the accuracy and appropriateness of any data you upload. Durand stores and processes Member-Uploaded Data in the same manner as other PHI and applies the same protections.
3.2 Information Collected Through Connected Devices and Services
- Biometric and activity data from connected wearable devices, including but not limited to heart rate, heart rate variability, sleep metrics, activity levels, blood oxygen, and skin temperature
- Data from laboratory and testing panel results processed through authorized clinical partners
- Advanced biomarker data from multi-omic or proteomic analyses conducted through our testing panel
- EHR (Electronic Health Record) data where you have provided informed consent
3.3 Information Collected Automatically
- Platform usage and interaction logs for security and service improvement
- Device and session information for authentication and platform integrity
How We Use Your Information
4.1 Delivering Your Health Program
- Creating and maintaining your longitudinal health profile
- Generating personalized AI health insights, custom scores, and progress reports
- Supporting care navigation and connecting you to relevant health services
- Enabling secure communication between you and health professionals
4.2 Platform and Science Advancement
- Analyzing platform performance to improve our services
- Developing new features, health intelligence capabilities, and care protocols
- Supporting the development and refinement of proprietary algorithms, scoring models, and clinical methodologies owned exclusively by Durand
4.3 Research, Care Model Development, and Intellectual Property
Durand is committed to advancing health science globally. We may use strictly de-identified data, and may engage Research Partners to collaborate on research conducted within our secure platform environment, to develop new and improved care models, population health insights, and clinical protocols.
Walled Garden Architecture
Research Partners work inside Durand's secure data environment. De-identified data is never exported, transmitted, or provided to any Research Partner as a standalone data set. All research activity occurs within our governed infrastructure. Partners contribute analysis, models, and insights. They do not receive data to take elsewhere.
All research activity is subject to:
- Formal Data Governance Agreements governing access, purpose, and conduct
- Ethics review or Institutional Review Board oversight where required
- De-identification standards consistent with differential privacy principles. For de-identified data used in testing activities conducted in the United States, de-identification is achieved using either the Expert Determination method or the Safe Harbor method as defined under the HIPAA Privacy Rule (45 CFR §164.514(b)). For testing activities conducted in Canada, de-identification standards comply with the applicable requirements of PIPEDA, PHIPA (Ontario), and Quebec Law 25, including the guidance issued by the Office of the Privacy Commissioner of Canada. Where activities span both jurisdictions, the more stringent applicable standard governs.
- Prohibitions on re-identification, commercialization of data, or use outside the approved research scope
Algorithms, scoring models, care protocols, and other intellectual property developed in whole or in part using platform data, whether developed solely by Durand or jointly with Research Partners, are and remain the exclusive property of Durand Corporate HealthCare Inc. Durand reserves the right to license, commercialize, or deploy such intellectual property globally without restriction, and without any obligation to share individual-level data in connection with such commercialization.
4.4 No Use for Advertising
Your health and wellness data will never be used to serve you third-party advertising, to build advertising profiles, or to infer health status for marketing purposes. This is an absolute prohibition.
4.5 Approved Wellness Partner Recommendations
Durand may identify wellness, lifestyle, or health-adjacent services that we believe may benefit specific Members based on their health profile. For example, a frailty prevention program, a menopause support service, or an evidence-based movement practice. These recommendations are made as part of our care navigation function, not as advertising.
Where a Member wishes to engage with an Approved Wellness Partner, we may, with the Member's express opt-in consent at the time of engagement, share relevant elements of that Member's de-identified or identified health profile with the partner for the purpose of improving the product or service design for that Member. Members may also consent to Durand receiving health outcomes data back from the Approved Wellness Partner, which will be incorporated into the Member's longitudinal record. Durand retains full rights to all data returned by any Approved Wellness Partner.
Participation in any Approved Wellness Partner program is always voluntary and requires affirmative, specific, and separate consent. Opting out does not affect any other aspect of your Platform access.
Wellness Platform Status and Limitation of Duty
Durand.life is a wellness and health optimization platform. It is not a medical provider, diagnostic service, or clinical decision support system. Nothing on this Platform constitutes medical advice, diagnosis, or treatment. Members expressly acknowledge this by using the Platform.
5.1 Nature of Platform Insights
The Platform generates health insights, scores, trends, and recommendations using artificial intelligence, data analytics, and population health models. These outputs are intended to support health awareness and wellness optimization. They are not clinical determinations and should not be relied upon as the basis for any medical decision without independent evaluation by a qualified health professional.
5.2 No Obligation to Disclose Analytical Outputs
Durand may, in the course of operating its platform and developing its health intelligence capabilities, generate or have access to analytical outputs, predictive models, risk scores, or algorithmic findings that relate to a Member's health trajectory, disease risk, or other health-related measures. Durand is under no obligation to share any such outputs, scores, or findings directly with any Member. We reserve the right, in our sole discretion, to determine what information is presented to Members, in what form, and with what context, having regard for the Member's readiness, the availability of appropriate clinical support, and the scientific maturity of the underlying model.
This reservation of discretion exists because certain insights may require clinical, genetic, or specialist counselling to be appropriately understood and acted upon. Sharing a raw algorithmic output without that context could cause harm. Durand's obligation is to your health outcomes, not to the unfiltered delivery of every data point we hold.
5.3 Algorithm and Testing Panel Confidentiality
The algorithms, scoring methodologies, testing panel composition, analytical frameworks, and proprietary models used by Durand are confidential commercial assets. We are under no obligation to disclose the mechanics, inputs, weighting, or outputs of any algorithm or scoring model to any Member, employer, insurer, regulator, or third party, except to the extent required by applicable law.
5.4 Hold Harmless for Platform Insights
By using the Platform, Members agree that Durand shall not be liable for any harm, loss, or adverse outcome arising from: (a) a Member's reliance on any Platform insight, score, or recommendation without independent clinical evaluation; (b) the non-disclosure by Durand of any analytical output or finding; (c) any delay between data collection and insight generation; or (d) any limitation in the predictive accuracy of any model or algorithm. Members are encouraged to engage with qualified health professionals for all clinical decisions.
Employer, Benefits, and Insurer Reporting
Absolute Individual Protection
Durand will never disclose any individual Member's health data, personal health information, or identifiable records to their employer, benefits provider, or insurer under any circumstances. This commitment is absolute and unconditional.
Durand provides the following categories of aggregate reporting to employers, plan sponsors, benefits providers, and insurers, for the purpose of program oversight, return on investment analysis, and benefits design optimization:
| Report Type | What It Contains |
|---|---|
| Program Utilization Reports | Engagement rates, feature adoption, and participation levels. Aggregate only. |
| Population Health Trend Reports | Anonymized health risk trends and longitudinal wellness trajectory data across workforce groups. |
| Health Outcomes Summaries | Aggregate evidence of program impact on health scores, absenteeism trends, and care navigation utilization. |
| Benefits and Insurance Optimization Insights | Aggregated, anonymized data insights to help benefits and insurance partners identify opportunities to improve or tailor program offerings to the needs of the covered population. |
| ROI Analysis | Program-level financial analysis demonstrating the value of Durand services to the employer or plan sponsor. |
All employer and insurer reporting is produced at a group level. Aggregation thresholds are applied to prevent reverse identification. Where a group is too small to safely aggregate, that group's data is withheld from reporting.
6.1 Advanced Biomarker and Emerging Data Categories
Certain data generated through our testing panel and advanced analytical capabilities, including but not limited to proteomic and metabolomic analyses, may not yet be subject to specific regulatory frameworks governing how such data may be used by insurers or benefits providers. Durand applies the most protective standard available in each jurisdiction to all such data, regardless of whether a specific regulatory requirement exists. We do not permit any insurer or benefits provider to use advanced biomarker data for underwriting, coverage determination, or pricing purposes without explicit Member consent and compliance with all applicable law.
6.2 Rewards, Incentives, and Durand as Neutral Adjudicator
Employers, insurers, and benefits providers may offer rewards, incentives, points, premium adjustments, or other recognition programs tied to health improvement goals, behaviour change milestones, compliance with a health program, or measurable clinical outcomes such as improved test results or sustained wellness activity.
Participation in any such program is always voluntary and requires the Member's specific, affirmative, and separate opt-in consent. A Member may opt in or out of any rewards program at any time without affecting their access to the Platform or any other aspect of their health program.
Durand as Neutral Adjudicator
Where a Member opts into a rewards or incentive program, Durand serves as an independent, neutral adjudicator between the Member and the program sponsor. Durand has access to the Member's full health record and is therefore uniquely positioned to verify whether a reward has been earned based on objective criteria such as a measurable improvement in a health score, completion of a health goal, a clinical result, or a documented behaviour change. Durand communicates only the outcome to the employer, insurer, or program sponsor: whether the reward criteria have been met and the reward authorized. The underlying health data, results, scores, or clinical information that led to that determination are never shared. The program sponsor knows the Member qualified. They do not know why, or what the underlying data showed.
All rewards adjudication activity is logged in the Member's record and is available to the Member at any time. Members may request a review of any adjudication decision through our Privacy Officer.
A Member may, at their sole discretion, choose to authorize Durand to share elements of their individual health record, historical scores, or data with their insurer or benefits provider for the purpose of seeking improved pricing, personalized benefits, or coverage adjustments. Any such sharing requires the Member's specific, affirmative, and documented consent at the time of the request. This feature may be introduced in a future version of the Platform and will be governed by a supplemental consent process when available.
Member-Authorized Third Party Access
A Member may choose to grant access to their health record or data to a family member, caregiver, or health practitioner ("Authorized Third Party"). Such access may be granted through the Platform's access controls and requires the Member's express, documented authorization.
Durand shall not be responsible for any misuse, unauthorized sharing, or harm arising from an Authorized Third Party's access to or use of a Member's data. By granting access to any third party, the Member assumes full responsibility for the consequences of that access. Durand is held harmless for any actions taken by Authorized Third Parties in connection with data accessed under a Member's authorization.
Artificial Intelligence and Third-Party Processing Partners
Durand uses artificial intelligence and machine learning to generate health insights, scores, and recommendations. Where AI processing involves engagement with a third-party technology partner, the following binding standards apply to every such relationship:
- Zero-Retention Policy: No AI processing partner may store, retain, or maintain any Member data beyond the scope and duration of the specific processing task for which it was engaged.
- Zero-Training Policy: No AI processing partner may use any Member data, whether identified or de-identified, to train, refine, or improve any model, algorithm, or system beyond the specific task performed for Durand.
- No Commercialization: No AI processing partner may use, share, sell, or benefit commercially from any Member data in any form.
- Contractual Enforcement: All AI processing relationships are governed by binding data processing agreements that enforce these standards, subject to audit.
Durand owns all data generated within or passing through its platform at all times, including data processed by third-party AI partners. No processing relationship transfers or dilutes Durand's data ownership.
Regulatory Compliance
Durand Corporate HealthCare Inc. operates in compliance with applicable health privacy and data protection law across all jurisdictions in which we operate. Where laws differ, we apply the most protective standard.
9.1 HIPAA
For services and Members subject to U.S. federal health privacy law, Durand operates as a compliant Business Associate and, where applicable, a Covered Entity. We implement all required administrative, physical, and technical safeguards for Protected Health Information under HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule. We monitor HIPAA regulatory developments, including the proposed 2025 Security Rule updates, and will update our practices accordingly upon finalization.
9.2 PIPEDA
For Canadian operations, Durand complies with the Personal Information Protection and Electronic Documents Act. We adhere to the ten Fair Information Principles and maintain a designated Privacy Officer accountable for compliance. We conduct Privacy Impact Assessments for new data processing activities.
9.3 PHIPA (Ontario)
As a health information custodian operating in Ontario, Durand complies with the Personal Health Information Protection Act, respecting the rights of individuals to access and correct their health records and complying with mandatory breach notification requirements.
9.4 Quebec Law 25
For operations subject to Quebec's modernized privacy law, Durand complies with enhanced requirements including Privacy Officer designation, Privacy Impact Assessments prior to communicating personal information outside Quebec, data minimization, the right to data portability, and the right to be forgotten.
9.5 Prohibition on Use for Credit and Underwriting
Durand absolutely prohibits the use of any Member health, wellness, or biomarker data for credit-worthiness assessments, lending decisions, or individual insurance underwriting by any party, including Durand itself, except where a Member has expressly and specifically consented as described in Section 6.1.
9.6 Cross-Border Testing of De-Identified Samples (United States and Canada)
Durand conducts or facilitates testing of de-identified biospecimens and de-identified data in both the United States and Canada. The following framework governs all such cross-border testing activities.
De-Identification Prior to Transfer: All biospecimens and associated data are de-identified before any cross-border transfer, whether from Canada to the United States or from the United States to Canada. De-identification is completed within Durand's secure platform environment prior to transmission and is verified by Durand's Privacy Officer or a designated qualified expert before any transfer is authorized. Physical specimens are assigned pseudonymous coded identifiers as described in Section 11. The re-identification key is never transmitted across borders and remains solely within the originating Durand jurisdiction's infrastructure.
Canadian Cross-Border Requirements: Where de-identified samples or data originating in Canada are tested in the United States, Durand assesses on a case-by-case basis whether the transfer constitutes a communication of personal information outside Canada under PIPEDA or outside Quebec under Quebec Law 25. Where de-identification is confirmed to meet the applicable standard such that the information is no longer "personal information" within the meaning of the applicable law, a full Privacy Impact Assessment may not be required; however, Durand documents that assessment and retains it on file. Where any residual re-identification risk is identified, a Privacy Impact Assessment is completed prior to transfer, consistent with the requirements of Quebec Law 25 and PIPEDA accountability obligations. Contractual safeguards consistent with Schedule 1 of PIPEDA are applied to all cross-border testing partners regardless of whether the transferred material meets the de-identification threshold.
U.S. Cross-Border Requirements: Where de-identified samples or data originating in the United States are tested in Canada, Durand confirms that de-identification satisfies the HIPAA Expert Determination or Safe Harbor standard before transfer. HIPAA's Privacy Rule does not restrict the transfer of information that is properly de-identified, as such information is no longer Protected Health Information; however, Durand contractually binds all Canadian laboratory partners receiving such materials to the same no-retention, no-re-identification, and no-secondary-use obligations that apply to U.S.-based partners.
Governing Standard: In all cases of cross-border testing, Durand applies whichever de-identification standard affords greater protection to the Member. Results and derived data returned from cross-border testing partners are reintegrated into the Member's longitudinal record within Durand's secure platform environment, in compliance with the data return obligations described in Section 11. No testing partner acquires any independent ownership interest in the samples, data, or results.
Data Security
We implement a layered security framework to protect Member information across all channels and systems through which PHI is handled. Our security program includes:
- Encryption of data in transit using SSL/TLS technology and encryption of data at rest on our secure platform servers
- HIPAA-compliant communication channels for all internal team communications involving PHI, including encrypted email and secure messaging tools that meet applicable privacy and security standards. During our current buildout phase, clinical and care team communications may utilize HIPAA-compliant email alongside our core platform infrastructure. We are actively consolidating PHI handling toward our central platform environment as a priority roadmap initiative.
- Physically and electronically secured data center infrastructure with firewall protection
- Role-based access controls ensuring that only authorized personnel access health data, strictly limited to the minimum necessary for each role
- Multi-factor authentication for all staff and administrator access to systems containing PHI
- Continuous monitoring, intrusion detection, and documented incident response protocols
- Regular security testing and vulnerability management practices
- Formal confidentiality and privacy obligations for all personnel handling personal or health information, with training and enforcement
- Strict data isolation preventing employer or insurer administrator accounts from accessing individual Member health records under any circumstances
We will notify affected Members and applicable regulatory authorities of any data breach that may affect their rights, within the timeframes required by law.
Our roadmap includes advancing toward enhanced end-to-end encryption standards as our platform infrastructure matures and as applicable regulatory guidance evolves. Security architecture is reviewed on an ongoing basis and updated in response to emerging threats and regulatory developments.
Data Ownership, Partnerships, and the Walled Garden
Durand owns all data that is collected, generated, processed, or stored within the Durand.life platform, including data contributed by Members, data produced by connected devices, data processed by partners, and data returned by any care delivery or wellness partner.
Tier 1: Walled Garden Partners (Default)
The default model for all Durand partnerships is the Walled Garden. Research Partners, AI processing partners, analytics partners, and technology collaborators operate inside Durand's secure infrastructure under Durand's governance. They access computing capacity and analytical tools within our environment. No copy of Member data is transmitted to, downloaded by, or retained by these partners. Data never moves. Insights, models, and outputs are produced inside the wall and remain inside the wall unless Durand explicitly decides to deploy them. This is not a data management policy. It is an architectural principle that governs how we design every partnership from the first conversation.
Tier 2: Physically-Required External Partners (Narrow Exception)
A small number of service relationships require a governed data copy to be transmitted outside the platform for physical service delivery reasons only. The primary example is a clinical laboratory that must receive a sample requisition and process a physical specimen. In these narrow, physically-necessary cases, the following conditions are absolute:
- The data copy is authorized by Durand in writing for that specific purpose only.
- The copy must be destroyed or returned to Durand upon completion of the authorized purpose.
- The partner has no independent right to retain, use, analyze, share, or commercialize the data beyond the explicitly authorized purpose.
- Durand retains full ownership of all data and all outputs, results, or insights derived from it.
This exception exists because physical reality requires it, not because commercial convenience permits it. It is not a general data sharing framework.
Where physical biospecimens are transmitted to a clinical laboratory partner for testing, the specimen is accompanied only by a coded pseudonymous identifier; no directly identifying information (such as name, date of birth, or health card number) is included on the sample requisition or container label. The key linking the coded identifier to the Member's identity is held exclusively within Durand's secure platform environment and is never transmitted to the laboratory partner. Laboratory partners are contractually prohibited from attempting re-identification of any sample, from retaining any residual specimen beyond the authorized testing purpose, and from using any sample or derived result for any secondary purpose. These obligations apply equally to testing activities conducted in the United States and in Canada.
No partnership, licensing arrangement, or service agreement of any kind grants any external party an independent ownership interest in Member data, in any tier. Where Durand engages care fulfillment partners, EAP providers, or other service delivery partners, Durand contractually retains the right to receive full data back from those partners relating to the Members they serve on Durand's behalf.
When We Share Information
We do not sell, rent, or trade your personal information. We share information only under the following limited and governed circumstances:
- With licensed health professionals and clinical partners to deliver your care, subject to your consent
- With technology and infrastructure partners who process data on our behalf under strict data processing agreements enforcing our Zero-Retention and Zero-Training standards
- With Research Partners working inside our secure infrastructure under formal Data Governance Agreements, as described in Section 4.3
- With Approved Wellness Partners, only with your specific opt-in consent and only to the extent described in Section 4.5
- With employers, benefits providers, and insurers, using only aggregated, non-identifiable reporting as described in Section 6
- When required by law, court order, or regulatory demand, to the minimum extent necessary. We will notify affected Members of any such disclosure where permitted by law, and we will challenge any government or legal demand for Member data that we believe to be invalid, overly broad, or disproportionate.
- To protect the safety of an individual where we have reasonable grounds to believe there is a serious and imminent risk of harm
- In connection with a corporate transaction, as described in Section 14
Your Rights
You have the following rights with respect to your personal and health information held by Durand:
- Right to AccessRequest a copy of the personal and health information we hold about you.
- Right to CorrectionRequest correction of inaccurate or incomplete information.
- Right to Withdraw ConsentWithdraw consent for non-essential uses of your data at any time, subject to legal or contractual limitations.
- Right to DeletionSubject to legal obligations and the terms of your employer agreement, request deletion of your personal information.
- Right to Data PortabilityWhere applicable under law, request your health data in a structured, portable format.
- Right to an ExplanationRequest an explanation of how AI has been used in generating your health program outputs. Note that the specific algorithms and models underlying those outputs are confidential and will not be disclosed.
To exercise any of these rights, contact our Privacy Officer at privacy@durand.life. We will respond within the timelines required under applicable law.
Corporate Transactions, Succession, and Insolvency
In the event of a merger, acquisition, sale of assets, reorganization, financing, or insolvency proceeding involving Durand Corporate HealthCare Inc., Member data constitutes a protected asset subject to the following standing obligations that are binding on any successor, acquirer, trustee in bankruptcy, or other successor-in-interest:
- All privacy and confidentiality obligations under this Policy survive any corporate transaction and are binding on any entity that acquires, assumes, or manages Member data as a result of such a transaction.
- No acquirer or successor may use Member data in a manner inconsistent with this Policy without obtaining fresh informed consent from affected Members.
- Members will be notified prior to the completion of any transaction that materially affects the handling of their data, and will be given a reasonable opportunity to request deletion of their data if they do not consent to the new terms.
- In an insolvency proceeding, Member data may not be liquidated, sold, or transferred to a third party without compliance with all applicable privacy law and the consent obligations described above.
Data Retention
We retain personal and health information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal and regulatory obligations, and to maintain the longitudinal integrity of the health record that is central to our platform's value. Where applicable law prescribes minimum retention periods for health records, we comply with those requirements. When information is no longer required, it is securely destroyed or irreversibly de-identified.
Cookies and Digital Tracking
We use essential cookies and similar technologies to maintain secure sessions and support platform functionality. We do not use tracking technologies for advertising purposes. Analytics tools used to improve the platform are configured in a privacy-preserving manner. We do not embed third-party advertising trackers or data broker tools in our platform. You may manage cookie preferences through your browser settings.
Policy Changes and Notice
We may update this Policy from time to time to reflect changes in our services, technology partnerships, legal requirements, or data practices. The following notice framework applies:
- Material changes: We will post an updated Policy with a revised effective date and provide at least 30 days prior notice to Members through the Platform or by email before a material change takes effect.
- Continued use: If you continue to use the Platform after the effective date of an updated Policy, you will be deemed to have accepted the updated terms with respect to data collected from that date forward.
- Historical data: Changes to this Policy do not retroactively alter the basis on which data collected prior to the effective date was processed.
- Regulatory or legal changes: Where a policy update is required immediately to comply with a change in applicable law or a regulator's directive, the update will take effect immediately and notice will be provided as promptly as practicable.
Contact Our Privacy Officer
For questions, concerns, or requests regarding this Privacy Policy or the handling of your information:
Durand® With You for Life® | Durand Corporate HealthCare Inc. | durand.life